106 matches found
SQL Injection in 'core/ajax/ajax_data.php'
Description: An SQL injection affects the customerid parameter in the file core/ajax/ajax_data.php. Let's take a look at the following code: https://github.com/unilogies/bumsys/blob/9dc2de204116297a7e528c38bc3b1e89bf40f907/core/ajax/ajax_data.php#L537 sql where stockproductid =...
Code breaks if first user is not expected user
Lines of code Vulnerability details Code breaks if first user is not the expected user Summary Rather than iterating and continuing when the user is not the expected one, this code breaks out of the whole execution if the first user is userId Vulnerability Detail Execution is broken most of the time at the first iteration for ...
Losses in Pair and LendgineRouter can be generated if used with ERC20 Tokens with fee on transfer
Lines of code Vulnerability details Losses in Pair and LendgineRouter can be generated if used with ERC20 tokens with fee on transfer Summary Some tokens (token1, token0, ...) are used throughout the code and can be any kind of ERC20 token. If such a token charges a fee on transfer, some operations will...
Integer Overflow Vulnerability in _addSplittable Function.
Lines of code Vulnerability details Impact splitsStorage.splitsStates[userId].balances[assetId].splittable += amt; This vulnerability, if exploited, would allow an attacker to add a large amount of funds to a user's splittable balance, causing it to exceed the maximum value that the uint128 type can...
TimeswapV2LiquidityToken: collect() will always revert because it uses the wrong parameters when calling ITimeswapV2Pool.transferFees()
Lines of code Vulnerability details Proof of Concept collect uses the wrong parameters when calling ITimeswapV2Pool.transferFees. It uses long0Fees, long1Fees, and shortFees instead of param.long0FeesDesired, param.long1FeesDesired, and param.shortFeesDesired. The former three are defined in the...
Missing Access Controls in Liquidity Position Library
Lines of code Vulnerability details Impact function feesEarnedOf(LiquidityPosition memory liquidityPosition, uint256 long0FeeGrowth, uint256 long1FeeGrowth, uint256 shortFeeGrowth) internal pure returns (uint256 long0Fee, uint256 long1Fee, uint256 shortFee) ... function updateLiquidityPosition(stora...
Pool._amountToBin() returns a wrong value when protocolFeeRatio = 100%.
Lines of code Vulnerability details Impact Pool._amountToBin() returns a larger value than it should when protocolFeeRatio = 100%. As a result, bin balances might be calculated wrongly. Proof of Concept delta.deltaInBinInternal is used to update the bin balances like this: if (tokenAIn) binBalanceA +=...
GHSA-78M5-JPMF-CH7V GuardDog vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package
Summary Unsafe extraction using shutil.unpack_archive on a remotely retrieved tarball may lead to writing the extracted file to an unintended destination. Details Extracting files using shutil.unpack_archive from a potentially malicious tarball without validating that the destination file path is...
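The GuardDog advisory above describes the classic tar path-traversal pattern. The following is an added example, not GuardDog's own code, showing the unsafe call beside a hardened extractor that resolves every member path against the destination directory and refuses anything that escapes it before extracting a single byte. The archives are constructed in memory for the demonstration; the function and variable names are the example's own.

```python
"""Unsafe vs. hardened extraction of an untrusted tarball (added example)."""
import io
import os
import shutil
import tarfile
import tempfile


def build_tarball(members):
    """Build an in-memory .tar.gz from {name: bytes} (constructed test input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in members.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def unsafe_extract(tar_path, dest):
    """The pattern the advisory warns about: every member goes wherever its
    stored name points, so '../x' lands outside dest. (Recent Python releases
    default tarfile to the 'data' filter, which blocks this; older ones do not.)"""
    shutil.unpack_archive(tar_path, dest)


def is_within(directory, target):
    """True if target, after symlink and '..' resolution, lies inside directory."""
    directory = os.path.realpath(directory)
    target = os.path.realpath(target)
    return os.path.commonpath([directory, target]) == directory


def safe_extract(tar_bytes, dest):
    """Extract tar_bytes into dest, rejecting any member that would escape dest.

    Returns the list of extracted member names; raises ValueError on the first
    absolute path, traversal, link, or device/fifo member. All members are
    validated before anything is written, so a bad archive writes nothing.
    """
    dest = os.path.realpath(dest)
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        members = tar.getmembers()
        for m in members:
            target = os.path.join(dest, m.name)
            if os.path.isabs(m.name) or not is_within(dest, target):
                raise ValueError(f"unsafe member path: {m.name!r}")
            if m.issym() or m.islnk():
                # Links are rejected outright: a later member could write through them.
                raise ValueError(f"link member not allowed: {m.name!r}")
            if not (m.isfile() or m.isdir()):
                raise ValueError(f"unsupported member type: {m.name!r}")
        tar.extractall(dest, members=members)
        return [m.name for m in members]


def run_demo():
    """Feed a benign and a traversal archive to safe_extract in a scratch dir."""
    benign = build_tarball({"pkg/setup.py": b"print('hi')\n"})
    evil = build_tarball({"../escaped.txt": b"owned\n"})  # constructed attacker archive
    with tempfile.TemporaryDirectory() as scratch:
        dest = os.path.join(scratch, "out")
        os.makedirs(dest)
        extracted = safe_extract(benign, dest)
        benign_ok = os.path.isfile(os.path.join(dest, "pkg", "setup.py"))
        try:
            safe_extract(evil, dest)
            rejected = None
        except ValueError as exc:
            rejected = str(exc)
        escaped = os.path.exists(os.path.join(scratch, "escaped.txt"))
    return {"extracted": extracted, "benign_ok": benign_ok,
            "rejected": rejected, "escaped": escaped}


if __name__ == "__main__":
    print(run_demo())
```

The check is done on the resolved path (realpath plus commonpath), not on a string prefix, so `dest` followed by `dest_evil/...` or a `..` hidden behind a symlinked directory is still caught; validating the whole member list before calling extractall means a malicious archive leaves no partial output behind.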
# [KB123-M-1]. return(timestamp / WEEK) * WEEK; is in seconds instead of weeks.
Lines of code Vulnerability details Medium Report KB123-M-1. return (timestamp / WEEK) * WEEK; is in seconds instead of weeks. Vulnerability details Impact return (timestamp / WEEK) * WEEK; is in seconds. Rounded by seconds within 1 week instead of by weeks, causing the timestamp logic to be broken. POC Epoch timestamp...
Parent domain owner can steal ownership and clear any fuses for any sub-domain if CANNOT_UNWRAP is not burnt on his own domain
Lines of code Vulnerability details Impact The fuse-burning logic throughout NameWrapper is generally incorrect, which allows a parent domain owner to burn subdomain fuses, including PARENT_CANNOT_CONTROL, regardless of the parent domain's own fuses (only subdomain fuses are checked; parent fuses are...
Eth sent to Timelock will be locked in current implementation
Lines of code Vulnerability details Impact Eth sent to Timelock will be locked in the current implementation. I came across this problem while playing around with the governance contract. Proof of Concept Set up the governance contracts GovernorBravoDelegate, Timelock Send eth to the timelock contract Set...
Malicious code in code-snippet-frontend (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f680de2cbe3d658c28bad18e894dd3fd430e14419dc1cf04f15a54e89f19501d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1969 Malicious code in code-snippet-frontend (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f680de2cbe3d658c28bad18e894dd3fd430e14419dc1cf04f15a54e89f19501d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Win32.MarsStealer Web Panel Cross Site Scripting
Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/8abb41f6e7010d70c90f65fd9a740faaB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Win32.MarsStealer Web Panel Vulnerability: Unauthenticated Remote Persistent XSS Description: The...
Zoom Client < 4.6.12 Multiple Vulnerabilities (Jun 2020)
The Zoom Client is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:zoom:zoom"; if(description)...
transferNotionalFrom doesn't check from != to
Handle gpersoon Vulnerability details Impact The function transferNotionalFrom of VaultTracker.sol uses temporary variables to store the balances. If the "from" and "to" addresses are the same, then the balance of "from" is overwritten by the balance of "to". This means the balance of "from" and "to...
CVE-2021-26698
OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet user-generated content when a sharing link is created and the dl parameter is used...
CVE-2021-20727
Cross-site scripting vulnerability in Zettlr from 0.20.0 to 1.8.8 allows an attacker to execute an arbitrary script by loading a file or code snippet containing an invalid iframe into Zettlr...
h1-ctf: Hacky Holidays Writeup
On December 12th, 2020, the CTF went live, and the scope we were allowed to attack was: In Scope Domain - hackyholidays.h1ctf.com. Our main motive was to infiltrate his network and take him down. The challenges appeared one by one until the 24th of December. Here we will be going through all the...
Zoom Client Application Chat Code Snippet Remote Code Execution Vulnerability
Summary An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages including shared code snippets. A specially crafted chat message can cause an arbitrary binary planting which could be abused to achieve arbitrary code execution. An attacke...